Advanced Programming in the UNIX Environment

CS631 - APUE - NetBSD/VirtualBox Setup

This document will guide you through the setup of a
NetBSD VM using
VirtualBox
to perform all your course work on. Please follow
these steps as shown; if you run into problems or have
questions, please send them to the class
mailing list.

Shall we continue? yes
Available disks: wd0
This is the correct geometry
Use the entire disk
Do you want to install the NetBSD bootcode? yes
Use existing partition sizes
Partition sizes are ok
Accept default name.
Shall we continue? 'yes'
Use the BIOS console
Select your distribution: 'Installation without X11'
Install from: 'CD-ROM'

After extraction is complete, 'hit enter to continue', then configure the network:

This should get you a DHCP lease and an overall
network configuration that we wish to commit to the
system:

Are they ok? yes
Do you want it installed in /etc?
yes

(If you enabled a second interface above for IPv6
only, then leave wm1 unconfigured; we will configure
that interface manually further below.)

Back on the configuration screen, 'enable
installation of binary packages'. While not
immediately necessary, this will allow you to later on
install additional software via the pkgin tool, so is a
useful step to complete here.

Accept all defaults and select:

'x: Install pkgin and update package summary'
'hit enter to continue'

Next, select:

'g: Enable sshd'
'h: Enable ntpd'
'o: Add a user'

Add your username, e.g., "jschauma'.

Note: it is required for this
class to create and run your code as a non-root user,
so this step is not optional.

Add the user to 'wheel', so you can su(1).

Select a shell, e.g. /bin/sh and set a
password.

(Note: we did not set a password for the
root account. If you like, you can do that. You may
also choose not to do that, but it's important to
understand why that might be acceptable: root is not
allowed to log in remotely (which is one of the
reasons why you had to create an additional user
account), but any user on the system could run
su(1) to become the super user without
requiring a password.

NetBSD requires users to be in the 'wheel' group to
run su(1), so only your newly created user should be
able to do this.

This, together with the fact that the VM is intended
for nothing of importance whatsoever may make it ok to
not have any additional protections on the superuser
account.)

Now you're back at the main install menu, where we
will perform a few minor configuration changes before
we reboot, so select 'x: Exit install System.
This drops you into a shell. Mount the virtual disk
and edit the file /etc/rc.conf on it:

mount /dev/wd0a /mnt
vi /mnt/etc/rc.conf

If you want to enable the second network interface
for IPv6 only connectivity, update
dhcpcd_flags="-qM wm0" to become
dhcpcd_flags="-qM wm0 wm1". Either way
append the following lines, then write the file and
quit (:wq):

no_swap=YES
hostname=apue

If you are connected to an IPv6 enabled network,
and you previously created the second network
interface in bridged mode, then you can now configure
it for IPv6 only. To do that, run the following
command to append the right lines to
/mnt/etc/dhcpcd.conf:

(Verifying the SSH host key in this context is
something we do primarily out of good security hygiene
and habit. A MitM attack against 'localhost' on your
VM network is rather unlikely. However, you should
get into the habit of verifying host keys when you
connect to other systems.)

Once you have confirmed that you can log in, let's
create an SSH key pair so that you no longer need a
password to access the VM. On your parent OS (i.e.,
outside your VM), run the following command:

With that in place, you should now be able to ssh to
the VM using your key. If you are on macOS, your ssh
agent will automatically store the key's passphrase in
the login keychain, so after the first time, you won't
have to provide it any longer.

So far, so good: you can ssh to your VM using your ssh
key without having to enter a passphrase. But that's
a lot of typing just to log in there. Let's save
ourselves some work by adding the right lines to our
~/.ssh/config (on the parent OS), then verify that
just typing 'ssh apue' works:

Set up your C development environment

Next, let's set up our C development environment.
As discussed in class, _all code *must* be compiled
using the '-Wall -Werror' flags. To do this,
we first set the CFLAGS environment variable
in our shell and then create an alias for the compiler
to use these flags. Assuming your user uses /bin/sh
as the default shell, you would do this as
follows:

Finally, we also want to avoid having to use the
VirtualBox application GUI every time we want to work
with our VM. So instead of relying on the GUI to
start our VM, we will use the command-line utility 'VBoxManage'.
To verify that this works as intended, let's first
shut down and power off our VM. For that, we need
super-user privileges, which we gain via the
su(1) command, and because we're notoriously
lazy, we immediately create another alias to save
ourselves some typing:

Now you can even take this one step further and
combine the starting of the VM, waiting for it to come
online, and ssh'ing to it into yet another alias
(e.g., 'start-apue && sleep 60 &&
ssh apue'), but this, and any further
customizations of the VM are up to you.